NFTables.Query (NFTables v0.8.2)

Command builders for querying nftables resources.

This module provides pure functions that build nftables JSON commands for read operations. Commands are meant to be piped through NFTables.Local for execution and Decoder for transformation.

Pipeline Architecture

Query.list_tables(family: :inet)     # Build command (pure function)
|> NFTables.Local.submit(pid: pid)   # Execute & JSON decode
|> Decoder.decode()                  # Transform to idiomatic Elixir

Examples

# List all tables
{:ok, %{tables: tables}} =
  Query.list_tables(family: :inet)
  |> NFTables.Local.submit(pid: pid)
  |> Decoder.decode()

# List rules in a specific chain
{:ok, %{rules: rules}} =
  Query.list_rules("filter", "INPUT")
  |> NFTables.Local.submit(pid: pid)
  |> Decoder.decode()

# List entire ruleset
{:ok, %{tables: tables, chains: chains, rules: rules, sets: sets}} =
  Query.list_ruleset(family: :inet)
  |> NFTables.Local.submit(pid: pid)
  |> Decoder.decode()

# Build command for remote execution
cmd = Query.list_tables(family: :inet)
MyTransport.send_to_node("firewall-1", cmd)
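
The remote-execution example above hands a command map to another node, and this module builds flush commands as well as list commands. As an added example (not part of NFTables), a receiving node can refuse anything that is not a pure `list` request; the module name `ReadOnlyGate` and the string-keyed libnftables JSON layout of the incoming map are assumptions.

```elixir
# Added example, not part of NFTables. Assumes the command arrives as a map
# with string keys in the libnftables JSON layout: %{"nftables" => [...]}.
defmodule ReadOnlyGate do
  # String forms of the family() type documented on this page
  @families ~w(inet ip ip6 arp bridge netdev)

  @doc "Returns :ok only if every command object is a `list` with a known family."
  def check(%{"nftables" => cmds}) when is_list(cmds) and cmds != [] do
    Enum.reduce_while(cmds, :ok, fn cmd, :ok ->
      case check_one(cmd) do
        :ok -> {:cont, :ok}
        error -> {:halt, error}
      end
    end)
  end

  def check(_other), do: {:error, :malformed}

  # Exactly one verb per object, that verb must be "list", with exactly one target
  defp check_one(%{"list" => target} = cmd)
       when map_size(cmd) == 1 and map_size(target) == 1 do
    if Enum.all?(Map.values(target), &family_ok?/1), do: :ok, else: {:error, :bad_family}
  end

  defp check_one(cmd) when is_map(cmd), do: {:error, {:not_read_only, Map.keys(cmd)}}
  defp check_one(_other), do: {:error, :malformed}

  # A target such as "ruleset" may carry nil; others carry a map with optional "family"
  defp family_ok?(nil), do: true
  defp family_ok?(%{"family" => family}), do: family in @families
  defp family_ok?(%{}), do: true
  defp family_ok?(_other), do: false
end

# Constructed sample commands
list_tables = %{"nftables" => [%{"list" => %{"tables" => %{"family" => "inet"}}}]}
flush = %{"nftables" => [%{"flush" => %{"ruleset" => nil}}]}
typo = %{"nftables" => [%{"list" => %{"tables" => %{"family" => "inet6"}}}]}

# Each match raises MatchError if the gate returns anything else
:ok = ReadOnlyGate.check(list_tables)
{:error, {:not_read_only, ["flush"]}} = ReadOnlyGate.check(flush)
{:error, :bad_family} = ReadOnlyGate.check(typo)
```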

Summary

Functions

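  • flush_ruleset(opts \\ []) - Build a command map to flush the ruleset.
  • list_chains(opts \\ []) - Build a command map to list chains.
  • list_rules(opts) - Build a command map to list rules.
  • list_ruleset(opts \\ []) - Build a command map to list the entire ruleset.
  • list_set_elements(table, set_name, opts \\ []) - Build a command map to list set elements.
  • list_sets(opts \\ []) - Build a command map to list sets.
  • list_tables(opts \\ []) - Build a command map to list tables.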

Types

family()

@type family() :: :inet | :ip | :ip6 | :arp | :bridge | :netdev

Functions

delete_set_elements(pid, table, set_name, elements, opts \\ [])

@spec delete_set_elements(pid(), String.t(), String.t(), [String.t()], keyword()) ::
  :ok | {:error, term()}

Delete elements from a set.

Parameters

  • pid - NFTables process pid
  • table - Table name
  • set_name - Set name
  • elements - List of element values (strings)
  • opts - Keyword list options:
    • :family - Protocol family (default: :inet)
    • :timeout - Operation timeout in ms (default: 5000)

Example

:ok = NFTables.Query.delete_set_elements(pid, "filter", "blocked_ips", ["192.168.1.100"])

flush_ruleset(opts \\ [])

@spec flush_ruleset(keyword()) :: map()

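Build a command map to flush the ruleset. Flushing removes every table, chain, rule and set in the selected family, or in all families when none is given.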

Returns a map that can be piped to NFTables.Local.submit/2.

Options

  • :family - Protocol family (optional, default: flush all families)

Examples

# Flush entire ruleset
Query.flush_ruleset()
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()
#=> :ok

# Flush only specific family
Query.flush_ruleset(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()
#=> :ok

list_chains(opts \\ [])

@spec list_chains(keyword()) :: map()

Build a command map to list chains.

Returns a map that can be piped to NFTables.Local.submit/2.

Options

  • :family - Protocol family (optional)

Examples

Query.list_chains(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

list_rules(opts)

@spec list_rules(keyword()) :: map()

Build a command map to list rules.

Returns a map that can be piped to NFTables.Local.submit/2.

Parameters

  • opts - Keyword list options:
    • :family - Protocol family (default: :inet)

Or:

  • table - Table name (string)
  • chain - Chain name (string)
  • opts - Keyword list options:
    • :family - Protocol family (default: :inet)

Examples

# List all rules for a family
Query.list_rules(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

# List rules in a specific chain
Query.list_rules("filter", "INPUT")
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

# With options
Query.list_rules("filter", "INPUT", family: :ip6)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

list_rules(table, chain)

@spec list_rules(String.t(), String.t()) :: map()

list_rules(table, chain, opts)

@spec list_rules(String.t(), String.t(), keyword()) :: map()

list_ruleset(opts \\ [])

@spec list_ruleset(keyword()) :: map()

Build a command map to list the entire ruleset.

Returns a map that can be piped to NFTables.Local.submit/2.

Options

  • :family - Protocol family (optional, default: list all families)

Examples

# List entire ruleset
Query.list_ruleset()
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()
#=> {:ok, %{
#     tables: [...],
#     chains: [...],
#     rules: [...],
#     sets: [...]
#   }}

# List ruleset for specific family
Query.list_ruleset(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()
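
A decoded ruleset in the shape shown above can be compared against a stored baseline to detect unexpected changes. The following is an added example, not part of NFTables: the module name `RulesetDrift`, the fields inside each item and the `:handle` key treated as volatile are assumptions, and the sample data is constructed.

```elixir
# Added example, not part of NFTables. Works on the decoded shape shown above
# (%{tables: _, chains: _, rules: _, sets: _}); item fields are constructed.
defmodule RulesetDrift do
  @sections [:tables, :chains, :rules, :sets]
  # Kernel-assigned rule handles change on reload; ignore them (assumed key name)
  @volatile [:handle]

  @doc "Returns %{section => %{added: [...], removed: [...]}} for sections that differ."
  def diff(baseline, current) do
    for section <- @sections,
        old = normalize(baseline, section),
        new = normalize(current, section),
        old != new,
        into: %{} do
      {section,
       %{
         added: new |> MapSet.difference(old) |> MapSet.to_list(),
         removed: old |> MapSet.difference(new) |> MapSet.to_list()
       }}
    end
  end

  # Order-insensitive view of one section with volatile fields dropped
  defp normalize(ruleset, section) do
    ruleset
    |> Map.get(section, [])
    |> MapSet.new(&Map.drop(&1, @volatile))
  end
end

# Constructed baseline: one table, one INPUT chain with a drop policy, one rule
baseline = %{
  tables: [%{family: :inet, name: "filter"}],
  chains: [%{table: "filter", name: "INPUT", policy: :drop}],
  rules: [%{table: "filter", chain: "INPUT", handle: 4, expr: "tcp dport 22 accept"}],
  sets: []
}

# Constructed current state: chain policy changed, rule reloaded under a new handle
current = %{
  baseline
  | chains: [%{table: "filter", name: "INPUT", policy: :accept}],
    rules: [%{table: "filter", chain: "INPUT", handle: 9, expr: "tcp dport 22 accept"}]
}

# Only the policy change is reported; the handle-only difference is ignored
%{chains: %{added: [%{policy: :accept}], removed: [%{policy: :drop}]}} =
  drift = RulesetDrift.diff(baseline, current)

1 = map_size(drift)
```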

list_set_elements(table, set_name, opts \\ [])

@spec list_set_elements(String.t(), String.t(), keyword()) :: map()

Build a command map to list set elements.

Returns a map that can be piped to NFTables.Local.submit/2.

Parameters

  • table - Table name (string)
  • set_name - Set name (string)
  • opts - Keyword list options:
    • :family - Protocol family (default: :inet)

Examples

Query.list_set_elements("filter", "blocklist")
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

Query.list_set_elements("filter", "blocklist", family: :ip6)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

list_sets(opts \\ [])

@spec list_sets(keyword()) :: map()

Build a command map to list sets.

Returns a map that can be piped to NFTables.Local.submit/2.

Options

  • :family - Protocol family (optional)

Examples

Query.list_sets(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

list_tables(opts \\ [])

@spec list_tables(keyword()) :: map()

Build a command map to list tables.

Returns a map that can be piped to NFTables.Local.submit/2.

Options

  • :family - Protocol family (optional)

Examples

# List all tables
Query.list_tables()
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()

# List tables for specific family
Query.list_tables(family: :inet)
|> NFTables.Local.submit(pid: pid)
|> Decoder.decode()